Newly published memo leaked by Edward Snowden details the value of Skype data.

Last year, Ars documented how Skype encryption posed little challenge to Microsoft abuse filters that scanned instant messages for potentially abusive Web links. Within hours of newly created, never-before-visited URLs being transmitted over the service, the scanners were able to pluck them out of a cryptographically protected stream and test if they were malicious. Now comes word that the National Security Agency is also able to work around Skype crypto—so much so that analysts have deemed the Microsoft-owned service "vital" to a key surveillance regimen known as PRISM.

"PRISM has a new collection capability: Skype stored communications," a previously confidential NSA memo from 2013 declared. "Skype stored communications will contain unique data which is not collected via normal real-time surveillance collection." The data includes buddy lists, credit card information, call records, user account data, and "other material" that is of value to the NSA's special source operations.

The memo, which was leaked by former NSA contractor Edward Snowden and released Tuesday by Glenn Greenwald to coincide with the publication of his book No Place to Hide, said the FBI's Electronic Communications Surveillance Unit had approved "over 30 selectors to be sent to Skype for collection."

The memo went on to state, "PRISM Skype collection has carved out a vital niche in NSA reporting in less than two years with terrorism, Syrian opposition and regime, and exec/special serious reports being the top topics. Over 2800 reports have been issued since April 2011 based on PRISM Skype collection, with 76% of them being single source."

Microsoft has remained vague about the extent of encryption protecting Skype communications. The memo suggests that those protections are limited, at least as far as buddy lists, credit card data, call records, and user account information are concerned. The data available under the "New Skype Stored Comms Capability For PRISM" may not stop there, given Microsoft's documented ability to read the plaintext inside instant messages.

A more accurate opening statement would be: "Last year, Ars documented how Microsoft scanned instant messages that it claimed were securely encrypted for potentially abusive Web links."

It can't be a challenge for Microsoft when they designed the system that implements the "message encryption" in the first place.

The revised statement doesn't seem much different from the original to me. And it's not obvious that a cryptographic system's designer will be able to read traffic encrypted using that system. Most cryptographic systems are designed to be as secure against the original creator as against a hostile third party that knows every implementation detail.